function check_plain

Encodes special characters in a plain-text string for display as HTML.

Also validates strings as UTF-8 to prevent cross site scripting attacks on Internet Explorer 6.


string $text: The text to be checked or processed.

Return value

string An HTML safe version of $text. If $text is not valid UTF-8, an empty string is returned and, on PHP < 5.4, a warning may be issued depending on server configuration (see

See also


Related topics

188 calls to check_plain()
aggregator_block_view in drupal/modules/aggregator/aggregator.module
Implements hook_block_view().
aggregator_categorize_items in drupal/modules/aggregator/
Form constructor to build the page list form.
aggregator_form_feed in drupal/modules/aggregator/
Form constructor for adding and editing feed sources.
block_admin_display_form in drupal/modules/block/
Form constructor for the main block administration form.
block_form_user_profile_form_alter in drupal/modules/block/block.module
Implements hook_form_FORM_ID_alter() for user_profile_form().

... See full list

10 string references to 'check_plain'
aggregator_form_opml in drupal/modules/aggregator/
Form constructor for importing feeds from OPML.
block_admin_configure in drupal/modules/block/
Form constructor for the block configuration form.
filter_admin_format_form in drupal/modules/filter/
Form constructor for the text format add/edit form.
filter_admin_overview in drupal/modules/filter/
Page callback: Form constructor for a form to list and reorder text formats.
node_form_search_form_alter in drupal/modules/node/node.module
Implements hook_form_FORM_ID_alter().

... See full list


drupal/includes/, line 1842
Functions that need to be loaded on every Drupal request.


function check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');